Simple VLAN: How to configure ports correctly?

Started by Asperamanca, January 28, 2021, 08:38:25 AM

I have a very simple VLAN setup

  • VLAN 1 (internal)
  • VLAN 2 (guest)

Firewall---1+2---Smart Switch---1+2---Wifi AP
                 |  |  |  |
                 1  1  1  1
                 |  |  |  |
                 PC


On the OPNsense firewall

  • I created the VLANs 1 and 2
  • I checked that the Firewall port connecting to the smart switch was assigned to the LAN interface, but not to one of the VLANs (I assume that means it is a trunk).

On the smart switch,

  • I set all ports intended for PCs etc. to "Member of VLAN 1 only" and "Untagged", with PVID set to 1
  • I set the ports for the Firewall and the (VLAN-capable) WiFi AP to "Member of VLANs 1 and 2" and "Tagged" with PVID set to 2 (force "guest" in case a non-VLAN device is connected by mistake)

As soon as I completed this setup, I could neither reach the smart switch web interface, nor the firewall (via smart switch).
I can still connect to the firewall if I connect it directly to the PC.
For the smart switch, I probably have to do a factory reset.

Can you tell me what I did wrong?

Although I don't really understand the reasoning, I have seen a couple of example setups where the uplink port of the switch (leading to the router/firewall) is added to all VLANs, but left untagged. The setup seems to work this way.
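
Added example, not part of the original post: a simplified model of 802.1Q ingress and egress handling, applied to the two switch configurations described in the thread. The port names and PVID 1 on the all-untagged uplink are assumptions, and the firewall is assumed to send its LAN traffic untagged because its LAN interface is not assigned to a VLAN.

```python
# Added example: simplified 802.1Q port model. Port names and the PVID of the
# all-untagged uplink are assumptions; the VLAN numbers come from the post.
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    pvid: int                          # VLAN given to untagged ingress frames
    tagged: frozenset = frozenset()    # VLANs that leave this port with a tag
    untagged: frozenset = frozenset()  # VLANs that leave this port without a tag

def deliver(switch, src, vid, dst):
    """Follow one frame through the switch.

    vid is the 802.1Q tag on arrival (None = untagged). Returns
    (vlan, "tagged" | "untagged") as the frame leaves dst, or None if dropped.
    """
    s, d = switch[src], switch[dst]
    vlan = s.pvid if vid is None else vid      # ingress classification
    if vlan not in (s.tagged | s.untagged):    # ingress filtering
        return None
    if vlan in d.tagged:
        return (vlan, "tagged")
    if vlan in d.untagged:
        return (vlan, "untagged")
    return None                                # dst is not a member of the VLAN

PC = Port(pvid=1, untagged=frozenset({1}))
TRUNK = Port(pvid=2, tagged=frozenset({1, 2}))

# Configuration from the post: firewall and AP ports tagged for 1 and 2, PVID 2.
AS_POSTED = {"pc": PC, "firewall": TRUNK, "ap": TRUNK}

# Variant from the last paragraph: uplink in all VLANs, untagged (PVID 1 assumed).
UNTAGGED_UPLINK = {"pc": PC, "ap": TRUNK,
                   "firewall": Port(pvid=1, untagged=frozenset({1, 2}))}

def report(switch):
    """Trace the flows that matter when the firewall's LAN interface is untagged."""
    return {
        "pc_to_firewall": deliver(switch, "pc", None, "firewall"),
        "firewall_lan_to_pc": deliver(switch, "firewall", None, "pc"),
        "guest_to_firewall": deliver(switch, "ap", 2, "firewall"),
    }

if __name__ == "__main__":
    for name, cfg in (("as posted", AS_POSTED), ("untagged uplink", UNTAGGED_UPLINK)):
        print(name, report(cfg))
```

In the posted configuration the model classifies an untagged frame from the firewall into VLAN 2, so it never reaches a VLAN 1 port, while PC traffic reaches the firewall tagged with VID 1. In the untagged-uplink variant VLAN 1 works in both directions, but VLAN 2 frames also leave the uplink untagged and arrive on the same untagged interface as internal traffic.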